Splunk Search

Discussions

Thread Info

VPN count

Hi - We want to get users connected in 1 hour. When a user connects we get event_id="globalprotectgateway-auth-succ" ...

by Explorer in

How to group by date range from JSON Values?

I'm newer of splunk. On my log I've a JSON with two fields of interested: "initialCreationDate":"2020-03-02T00:00:00"...

by New Member in

How can i correlate 2 fields with different sourcetype in one table?

I have 2 searches for systems & folders. Both searches return a table. The fields systemID & folderID have the same v...

by Engager in

What is role of transforms.conf vs. props.conf for field extraction?

What is the role of props.conf vs. transforms.conf in field extraction? How do they relate to each other in order to ...

by Contributor in

Regex for digits before .zip

Hi, How do I write a regex to capture whenever I see any combination of 10 digits followed by .zip within a _raw e...

by Path Finder in

How to create a bucket of number of events instead of time?

Hello!  I'm tryng to get statistics of groups of 200 events. For instance, I have the following stats: |st...

by Explorer in

How to achieve request PerSecond using metrics

I have a query like this: | mstats rate(request_total) as request_rate prestats=true WHERE index="index-metrics" ...

by New Member in

Time Conversion Issue with now(), 0, last 24 hours, since, etc.

Hello, I'm having a time conversion issue with any earliest or latest time that is not in epoch. Here is my XML code ...

by Builder in

Regex help

I am at a loss as to why the following is not working. log: 2020-03-31 20:31:19,621 fail2ban.actions [709]: NOTICE [...

by New Member in

Need help joining multisearch results

Need help with bringing together results in a multisearch. Need to match department data from AD to an email address ...

by Path Finder in

Need help to write a query using Streamstats.

Hi Team, i have onboarded the Linux CPU logs using Splunk add on for linux. the requirement is , we need send an a...

by New Member in

problem with rounding bytes to gb

HelloI have use this command to convert from bytes to GB:| eval b = b /1024/1024/1024and this is an example value as ...

by Path Finder in

RegEx How to find two strings from splunk log

I have below log: Service ABCD(blabla_blabla): 365.45.1.87.3.60354 -> remote.234.5 Failure Service DERF(blabla_bla...

by Explorer in

If column is missing then eval

if a field is missing in output, what is the query to eval another field to create this missing field. below query...

by Builder in

Sourcetype count per host

Hello, I would like to Check for each host, its sourcetype and count by Sourcetype.I tried host=* | stats count by...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

VPN count

How to group by date range from JSON Values?

How can i correlate 2 fields with different sourcetype in one table?

What is role of transforms.conf vs. props.conf for field extraction?

Regex for digits before .zip

How to create a bucket of number of events instead of time?

How to achieve request PerSecond using metrics

Time Conversion Issue with now(), 0, last 24 hours, since, etc.

Regex help

Need help joining multisearch results

Need help to write a query using Streamstats.

problem with rounding bytes to gb

RegEx How to find two strings from splunk log

If column is missing then eval

Sourcetype count per host

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

Search based on a previous conditions. Or alert th...

BotS member needed !

To set up alert using saved search and map command

How to compare 2 lookups and highlight any changes...

How to change pie chart font color from within Spl...